Details
Description
the target is that a geronimo user could define role based navigation tree easily without building geronimo from source code.
User could define an external file with something like this:
role name: role 1 navigation access pages: "0/Welcome", "1-1-1/Application Server/System Information/Server Information", "1-1-2/Application Server/System Information/Java System Info", "1-1-4/Application Server/System Information/Thread Pools", "1-8/Server/Monitoring" role name: role 2 navigation access pages: "0/Welcome", "1-1-1/Application Server/System Information/Server Information", "1-1-2/Application Server/System Information/Java System Info", "1-1-4/Application Server/System Information/Thread Pools", "1-8/Server/Monitoring"
The role names must have been defined as group name in current realm. Then, we could read this file into class[1] and filter the navigation tree according to current user's roles.
As for the pages that are not in navigation tree, we should use a servlet filter with the same role/access page mapping to block the address bar direct access.
[1]https://svn.apache.org/repos/asf/geronimo/server/trunk/plugins/console/console-portal-driver/src/main/java/org/apache/geronimo/console/navigation/NavigationJsonGenerator.java
Attachments
Issue Links
- relates to
-
GERONIMO-6059 New look and feel of Geronimo 3.0 admin console
- Closed